AWS Boto顯示所有角色

Question

嘗試列出帳戶中的所有角色，以便我可以附加策略。我正在閱讀boto3文檔，但我沒有看到一種方法來返回帳戶中的一組角色。

這可能嗎？

Answer 1

這是我想出來的。用您的實際值替換CAPS值。

附加一個內嵌的政策，所有角色的帳戶

#!/usr/bin/env python 
# Author: Nick Skitch 

import boto3 
import json 


def main(): 

    boto3.setup_default_session(profile_name=PROFILE_NAME) 
    client = boto3.client('iam') 
    policy_document = get_policy_body(IAM_POLICY_JSON) 

    roles = get_roles(client) 

    for role in roles: 
     update_role(role,client,"required_tags",policy_document) 

def get_policy_body(data_file): 
    with open(data_file) as data_file: 
     data = data_file.read() 
    return data 

def update_role(role_name, client,iam_policy_name,policy_document): 
    response = client.put_role_policy(
    RoleName=role_name, 
    PolicyName=iam_policy_name, 
    PolicyDocument=policy_document 
    ) 

    print response 

def get_roles(client): 
    client = boto3.client('iam') 
    response = None 
    role_names = [] 
    marker = None 

    # By default, only 100 roles are returned at a time. 
    # 'Marker' is used for pagination. 
    while (response is None or response['IsTruncated']): 
     # Marker is only accepted if result was truncated. 
     if marker is None: 
      response = client.list_roles() 
     else: 
      response = client.list_roles(Marker=marker) 

     roles = response['Roles'] 
     for role in roles: 
      print(role['Arn']) 
      role_names.append(role['RoleName']) 

     if response['IsTruncated']: 
      marker = response['Marker'] 

    return role_names 



if __name__ == "__main__": 
    main() 

Answer 2

按你的問題中 - 你需要的政策附加到角色。 爲此，首先，您要從帳戶獲取所有角色。 您可能需要以下兩件事情之一將策略附加到特定角色。

• 角色名稱
• 阿恩

下面的代碼可以幫助你 - 我想提出一個IAM連接，並得到從帳戶中的所有角色。因爲，您將以Dicts和Array的形式獲得輸出結果，您需要提取arn或名稱

import boto3 
client = boto3.client('iam',aws_access_key_id="XXXXX",aws_secret_access_key="YYYYY") 
roles = client.list_roles() 
Role_list = roles['Roles'] 
for key in Role_list: 
    print key['RoleName'] 
    print key['Arn']